As a Quality Analyst, bugs and quality are always a concern for the entire project team, because they have a notable impact on an organization's business and on client feedback. To deliver excellent quality, the team must understand the core business context together with the client's requirements, and it must manage its code quality so that the code is less error-prone. There are various kinds of bugs: functional, syntactic, communication, missing-command, error-handling, calculation and control-flow bugs. Apart from these, there are non-functional bugs such as performance issues, security concerns and web application vulnerabilities.

An application vulnerability is a weakness or flaw in an application that compromises its security. Attackers use these flaws to defeat the application's security controls and work out how to gain access. An attacker with the means to exploit a web vulnerability can use it to commit cyber crime. There are many types of web application vulnerabilities, and they are not limited to XSS or SQL injection.

To make a secure web app, you must be aware of these vulnerabilities.

Buffer Overflow

A buffer overflow, or "buffer overrun", occurs when more data is placed into a fixed-length buffer than the buffer can hold. Adjacent memory is overwritten and corrupted. Usually the result is a crash, but it also gives an attacker the opportunity to run arbitrary code.

CRLF Injection

CRLF injection is used in HTTP response splitting. The HTTP specification states that the header section is separated from the body of the message by a carriage return and line feed pair, written \r\n (CRLF).

By injecting a \r\n sequence somewhere in an HTTP header, an attacker can split one HTTP message into two. One message carries the malicious payload while the other holds the legitimate content. This leads to proxy and web server cache poisoning, XSS, client browser poisoning, website defacement and hijacking of client sessions.
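The split described above, as an added example that is not code from the original post: a redirect handler sets the Location header from a user-supplied target. build_redirect_naive interpolates the value unchecked so that a single CRLF CRLF in the value ends the header block and a second status line follows; build_redirect_safe refuses the control characters before they reach the header block. The function names, the response layout and the sample target are constructed for this illustration.

```python
# Added example (not from the original post). Names and sample input are
# constructed; the response layout is a minimal HTTP/1.1 redirect.


class HeaderInjection(ValueError):
    """Raised when a header value would end or split the header block."""


def safe_header_value(value: str) -> str:
    # Refuse CR, LF and NUL outright. Refusing is safer than stripping:
    # stripping invites encoded variants that get decoded later in the stack.
    if any(ch in value for ch in ("\r", "\n", "\0")):
        raise HeaderInjection("CR/LF/NUL not allowed in a header value")
    return value


def build_redirect_naive(target: str) -> bytes:
    # Vulnerable: the target goes into the header block unchecked.
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "\r\n"
    ).encode("latin-1")


def build_redirect_safe(target: str) -> bytes:
    # Hardened: the value is validated before interpolation.
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {safe_header_value(target)}\r\n"
        "\r\n"
    ).encode("latin-1")


def count_responses(raw: bytes) -> int:
    """Number of HTTP response messages a byte stream appears to contain.

    A split response shows up as more than one status line.
    """
    return raw.count(b"HTTP/1.1 ")


def redirect_accepted(target: str) -> bool:
    """True if the hardened builder accepts the target, False if it refuses."""
    try:
        build_redirect_safe(target)
        return True
    except HeaderInjection:
        return False


# Constructed input: a redirect target that smuggles a CRLF CRLF sequence and
# a second status line, which is exactly the split the text describes.
CONSTRUCTED_TARGET = "/home\r\n\r\nHTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    naive = build_redirect_naive(CONSTRUCTED_TARGET)
    print("naive builder emits", count_responses(naive), "responses")
    print("safe builder accepts the same target:", redirect_accepted(CONSTRUCTED_TARGET))
```

The check rejects rather than cleans: a value that contains CR or LF is never a legitimate redirect target, and a reject-on-sight rule is easier to reason about than a strip rule that has to anticipate every encoding the rest of the stack might decode.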

Cross-Site Request Forgery (CSRF)

CSRF is an attack in which a malicious site sends a request to a web application against which the user is already authenticated. In this way an attacker can access functionality of the target web application through the victim's already authenticated browser. Typical targets include in-browser email clients, social media, online banking and the web interfaces of network devices.
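One way to stop the request described above, as an added example that is not code from the original post: a synchronizer token. The server derives a per-session token with an HMAC over the session id and a server secret, embeds it in its own forms, and requires it on every state-changing request. A form on another site can make the browser attach the session cookie, but it cannot read or forge the token. The class and function names, the request shape and the session id are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Added example (not from the original post). Names, the request dictionary
# shape and the session id are constructed for the illustration.


class CsrfGuard:
    def __init__(self, server_secret: bytes) -> None:
        self._secret = server_secret

    def token_for(self, session_id: str) -> str:
        # Bound to the session, so a token leaked from one session is useless
        # for another; derived, so no extra server-side state is needed.
        return hmac.new(self._secret, session_id.encode("utf-8"), hashlib.sha256).hexdigest()

    def is_valid(self, session_id: str, submitted: Optional[str]) -> bool:
        if not submitted:
            return False
        # Constant-time comparison avoids leaking the token byte by byte.
        return hmac.compare_digest(self.token_for(session_id), submitted)


def handle_transfer(guard: CsrfGuard, request: dict) -> str:
    """Return the status the server would send for a POST /transfer."""
    session_id = request["cookies"].get("session")
    if session_id is None:
        return "401 not logged in"
    if not guard.is_valid(session_id, request["form"].get("csrf_token")):
        return "403 csrf token missing or invalid"
    return "200 transfer accepted"


# Constructed fixtures: one server, one logged-in session.
GUARD = CsrfGuard(secrets.token_bytes(32))
SESSION_ID = "sess-constructed-0001"

# The victim's own form submission carries the token the server rendered.
LEGIT_REQUEST = {
    "cookies": {"session": SESSION_ID},
    "form": {"to": "alice", "amount": "10", "csrf_token": GUARD.token_for(SESSION_ID)},
}

# A request triggered from another site: the browser still attaches the
# session cookie, but the foreign page could not obtain the token.
FORGED_REQUEST = {
    "cookies": {"session": SESSION_ID},
    "form": {"to": "mallory", "amount": "1000"},
}

if __name__ == "__main__":
    print(handle_transfer(GUARD, LEGIT_REQUEST))
    print(handle_transfer(GUARD, FORGED_REQUEST))
```

The token check only protects requests that the handler actually requires it on; a GET that changes state, or a handler that skips the check, is still forgeable, so the guard belongs in the framework's request pipeline rather than in individual handlers.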

Cross-Site Scripting

An XSS vulnerability occurs when a web application takes data from users as input and dynamically includes it in web pages without properly sanitizing or validating it. XSS vulnerabilities allow an attacker to execute arbitrary scripts and display arbitrary content in a victim's browser. The scripts embedded in the page execute on the client side (in the user's web browser) rather than on the server. XSS is a threat born of security flaws in the handling of client-side technologies such as HTML and JavaScript. The victim is the application's user rather than the application itself: malicious content is delivered to users as JavaScript, and the malicious code executes within the victim's session, bypassing the security restrictions that would normally apply.
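The missing sanitization step, as an added example that is not code from the original post: output encoding for a comment widget. render_naive interpolates user text into HTML as-is; render_safe escapes it for an element body, and render_attr_safe escapes it for a quoted attribute, which is the other common context. The function names and the sample comment are constructed for this illustration.

```python
from html import escape

# Added example (not from the original post). Function names and the sample
# comment are constructed.


def render_naive(comment: str) -> str:
    # Vulnerable: markup in the comment becomes markup in the page.
    return f'<p class="comment">{comment}</p>'


def render_safe(comment: str) -> str:
    # Hardened: <, >, &, " and ' become entities, so the browser shows text.
    return f'<p class="comment">{escape(comment, quote=True)}</p>'


def render_attr_safe(value: str) -> str:
    # Attribute context: quote=True is what stops a value from closing the
    # attribute and starting a new one.
    return f'<input name="q" value="{escape(value, quote=True)}">'


def contains_live_markup(rendered: str, user_input: str) -> bool:
    """Detection helper: does the user's raw text survive as markup?"""
    return "<" in user_input and user_input in rendered


# Constructed sample: a comment that carries a script element.
SAMPLE_COMMENT = "<script>alert(1)</script>"

if __name__ == "__main__":
    print(render_naive(SAMPLE_COMMENT))
    print(render_safe(SAMPLE_COMMENT))
    print(render_attr_safe('" onfocus="x'))
```

Escaping is context-specific: the entity set that is correct inside an element body is not sufficient inside a script block or a URL, so the encoder must be chosen for the place in the page where the value lands.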

Directory Traversal

Directory traversal, also known as path traversal, is a kind of HTTP exploit that attackers perform to gain unauthorized access to restricted directories and files. Directory traversal attacks target web server software, exploiting weak security mechanisms to access directories and files stored outside the web root folder. Web servers use two security mechanisms to restrict user access: the root directory and Access Control Lists (ACLs).
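The root-directory mechanism in code, as an added example that is not from the original post: a file-serving helper that confines every resolved path to the web root. It normalises the decoded request path and then checks that the result still sits under the root, which is the check that defeats "../" sequences. The root path, the function names and the sample requests are constructed; the helper assumes the URL path has already been percent-decoded.

```python
import os

# Added example (not from the original post). The web root and request paths
# are constructed; the check assumes request_path is already URL-decoded.


def resolve_under_root(root: str, request_path: str) -> str:
    """Return the absolute file path for request_path, or raise PermissionError."""
    root_real = os.path.realpath(root)
    # A leading slash would make os.path.join discard the root entirely.
    relative = request_path.lstrip("/\\")
    candidate = os.path.realpath(os.path.join(root_real, relative))
    # commonpath is a path-aware prefix test: "/srv/webroot2" is not under
    # "/srv/webroot" even though it shares the string prefix.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError(f"{request_path!r} escapes the web root")
    return candidate


def is_within_root(root: str, request_path: str) -> bool:
    """Boolean form of the check, convenient for access logs and tests."""
    try:
        resolve_under_root(root, request_path)
        return True
    except PermissionError:
        return False


# Constructed web root and request paths.
WEB_ROOT = "/srv/webroot"
REQUESTS = ["css/site.css", "../../etc/passwd", "img/../../secret.txt", "/index.html"]

if __name__ == "__main__":
    for path in REQUESTS:
        verdict = "allowed" if is_within_root(WEB_ROOT, path) else "blocked"
        print(f"{path:25} -> {verdict}")
```

realpath also follows symbolic links, so a link inside the web root that points outside it is caught by the same comparison; a string-prefix test on the unresolved path would not catch it.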

Insufficient Transport Layer Protection

Insufficient transport layer protection is a security weakness that arises when an application does not follow any standard for protecting its network traffic. Applications may use SSL/TLS during authentication but then fail to apply it elsewhere in the application, leaving data and session IDs exposed. Exposed data and session IDs can be intercepted, which means the application is vulnerable to exploitation.
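A check for the gap described above, as an added example that is not code from the original post: an audit of the headers an application sends, flagging a missing Strict-Transport-Security header and session cookies that lack the Secure or HttpOnly attribute, which is how a session ID ends up travelling over plain HTTP after login. The header samples and the function name are constructed for this illustration.

```python
from typing import List, Tuple

# Added example (not from the original post). The header samples are
# constructed; the audit function name is assumed.

Header = Tuple[str, str]


def audit_transport_headers(headers: List[Header]) -> List[str]:
    """Return one finding per transport-protection gap in a response."""
    findings: List[str] = []
    lowered = [(name.lower(), value) for name, value in headers]
    if not any(name == "strict-transport-security" for name, _ in lowered):
        findings.append("missing Strict-Transport-Security: browsers may still connect over plain HTTP")
    for name, value in lowered:
        if name != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        # Attributes follow the first ';' and are case-insensitive.
        attrs = {part.strip().split("=", 1)[0].lower() for part in value.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name!r} lacks Secure: it will be sent over HTTP")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name!r} lacks HttpOnly: readable by page scripts")
    return findings


# Constructed response headers: one as an application might send after login
# without a transport policy, one with the gaps closed.
WEAK_RESPONSE: List[Header] = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/"),
]

HARDENED_RESPONSE: List[Header] = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_transport_headers(response) or ["no findings"])
```

The audit reads captured headers, so it can run over a proxy log or a crawl of the application's pages, which is where the "TLS on the login page only" pattern usually shows up.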

Lightweight Directory Access Protocol (LDAP) Injection

LDAP is a widely used open standard protocol for both querying and manipulating information directories. It runs over Internet transport protocols such as TCP. Web applications use user-supplied input to build custom LDAP statements for dynamic page requests. LDAP injection is the technique of exploiting web applications that use client-supplied data in LDAP statements without first escaping or stripping potentially dangerous characters from the request.
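The escaping step the text refers to, as an added example that is not code from the original post: a user-supplied value is escaped before it is placed into an LDAP search filter, following the RFC 4515 rule that backslash, asterisk, parentheses and NUL become \XX hex escapes. build_filter_naive shows the defect and build_filter_safe applies the escaping; count_unescaped is a small detection aid that counts filter clauses. The function names and the sample input are constructed for this illustration.

```python
# Added example (not from the original post). Function names and the sample
# input are constructed; the escape table follows RFC 4515.

_FILTER_ESCAPES = {
    "\\": r"\5c",  # handled first so the other escapes are not re-escaped
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\0": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter."""
    out = value.replace("\\", _FILTER_ESCAPES["\\"])
    for ch in ("*", "(", ")", "\0"):
        out = out.replace(ch, _FILTER_ESCAPES[ch])
    return out


def build_filter_naive(username: str) -> str:
    # Vulnerable: filter metacharacters in username change the filter's logic.
    return f"(&(uid={username})(objectClass=person))"


def build_filter_safe(username: str) -> str:
    # Hardened: the value can only ever match literally.
    return f"(&(uid={escape_filter_value(username)})(objectClass=person))"


def count_unescaped(ldap_filter: str, ch: str) -> int:
    """Count occurrences of ch that are not part of a \\XX escape.

    Counting '(' gives the number of clauses; a filter built from one username
    should always have the same number, so a higher count means the value
    added clauses of its own.
    """
    n = 0
    i = 0
    while i < len(ldap_filter):
        if ldap_filter[i] == "\\":
            i += 3  # skip the backslash and two hex digits
            continue
        if ldap_filter[i] == ch:
            n += 1
        i += 1
    return n


# Constructed input: a value that carries filter metacharacters.
SAMPLE_INPUT = "*)(uid=*"

if __name__ == "__main__":
    for build in (build_filter_naive, build_filter_safe):
        f = build(SAMPLE_INPUT)
        print(f"{build.__name__}: {f}  clauses={count_unescaped(f, '(')}")
```

Values that go into a distinguished name rather than a filter have a different escape set (RFC 4514), so the filter escaper above must not be reused for DN components.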

SQL Injection

SQL injection is a type of web application security vulnerability in which an attacker can submit a database SQL command that the web application executes, exposing the back-end database. Injected SQL commands can alter the intended SQL statement and compromise the security of the web application. SQL injection weaknesses occur when an application uses untrusted data, such as data entered into web form fields, as part of a database query.

When an application fails to properly sanitize this untrusted data before adding it to a SQL query, an attacker can include their own SQL commands, which the database will execute.
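The difference between pasting untrusted data into a query and binding it, as an added example that is not code from the original post: the same user lookup written with string interpolation and with a parameterised query, run against an in-memory SQLite database seeded with constructed rows. The function names, the table and the sample input are constructed for this illustration.

```python
import sqlite3
from typing import List, Tuple

# Added example (not from the original post). The table, its rows and the
# untrusted input are constructed; function names are assumed.


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_naive(conn: sqlite3.Connection, username: str) -> List[Tuple[int, str]]:
    # Vulnerable: the value is pasted into the statement text, so a quote in it
    # changes the statement's structure instead of staying data.
    query = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[int, str]]:
    # Hardened: the driver sends the value as a bound parameter; whatever it
    # contains is compared literally against the column.
    query = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def compare_lookups(username: str) -> Tuple[int, int]:
    """Rows returned by (naive, safe) for the same input on a fresh database."""
    db = make_db()
    return len(find_user_naive(db, username)), len(find_user_safe(db, username))


# Constructed input: a value that, pasted into the statement text, turns the
# WHERE clause into one that matches every row and comments out the rest.
UNTRUSTED_INPUT = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("naive:", find_user_naive(db, UNTRUSTED_INPUT))
    print("safe: ", find_user_safe(db, UNTRUSTED_INPUT))
```

Parameter binding is the fix, not quoting or escaping by hand: the driver keeps the statement text and the data separate all the way to the database, so there is no point at which the value can be reinterpreted as SQL.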

Posted by Advaiya
